[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
AW: unknown CA
Hallo Howard,
Do you mind if I will fix it? And look, I believe there is something wrong with
openldap 2.1.2, openssl 1.9.6d
if build together on solaris 2.6 with forte 6 update 1. I was struggling few hours with those fancy error messages I've described before, but could not find anything besides of the fact that s_client and s_server do work well with the same certificates. Thus, I will have to investigate this problem. I will inform you regardless to if I will have success or not.
Cheers, Vadim Tarassov.
-----Ursprüngliche Nachricht-----
Von: Howard Chu [mailto:hyc@highlandsun.com]
Gesendet am: Freitag, 14. Juni 2002 04:29
An: Tarassov Vadim; OpenLDAP-software@OpenLDAP.org
Betreff: RE: unknown CA
The code to support TLSCACertificatePath has not been written. This option
hasn't worked for a long time.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Tarassov Vadim
> Sent: Thursday, June 13, 2002 9:33 AM
> To: 'OpenLDAP-software@OpenLDAP.org'
> Subject: unknown CA
>
>
> Hallo again,
>
> in addition to the problem I described before I noticed another
> strange thing:
>
> If I specify
>
> TLSCACertificateFile /usr/local/openldap/etc/certs/CA/CA_pubkey.pem
>
> ldap starts
>
> but if I specify
>
> TLSCACertificatePath /usr/local/openldap/etc/certs/CA/
>
> ldap does not want to start writing following:
>
> TLS: could not load client CA list
> (file:`',dir:`/usr/local/openldap/etc/certs/CA/').
>
> although in man you can find
>
> TLSCACertificateFile <filename>
> Specifies the file that contains certificates for all
> of the Certificate Authorities that slapd will
> recognize.
>
> TLSCACertificatePath <path>
> Specifies the path of a directory that contains
> Certificate Authority certificates in separate
> individual files. Usually only one of this or the
> TLSCACertificateFile is used.
>
> Do you know what am I doing wrong?
>
> Regards, Vadim Tarassov.
>
> -----------------------------------------------------------
> Vadim Tarassov
> e-Platform Solution Center
> mailto:vadim.tarassov@winterthur.ch
> Phone +41 52 261 73 22, Fax +41 52 261 46 40
> Mobile +41 076 380 51 26
> -----------------------------------------------------------
> Winterthur Insurance
> Paulstrasse 12
> CH-8401 Winterthur
> http://www.winterthur.com/ch
> -----------------------------------------------------------
>